Overview

overview

10

Static

static

3

b80fde9fb2...18.exe

windows7-x64

10

b80fde9fb2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b80fde9fb28958ff8a768baf1065b74d_JaffaCakes118

  • Size

    460KB

  • Sample

    240822-r76hesvhjp

  • MD5

    b80fde9fb28958ff8a768baf1065b74d

  • SHA1

    d67dbd2ae226abd812eb03622206fd2a6a9e65b5

  • SHA256

    e59d5416cdf018834466987ea854dc0bb1a11d5b0209a578abb4a1d988619b07

  • SHA512

    4cbe94a2acc1abcbbd02d5046ea08000389ad6f31fd42cd6220c78453b6bcc8f93837d90489092bc3daebadf34614903d892dec2f9e783e4519cbdfae1412f04

  • SSDEEP

    12288:lMYF4CXCwPH7Nl0NY5ORBmMMTX1Mz93j2lP:lfF44d/74Oaz9i

Score
10/10
latentbotdiscoveryevasionpersistencetrojan

Malware Config

Extracted

Family

latentbot

C2

fly4butterfly.zapto.org

Targets

    • Target

      b80fde9fb28958ff8a768baf1065b74d_JaffaCakes118

    • Size

      460KB

    • MD5

      b80fde9fb28958ff8a768baf1065b74d

    • SHA1

      d67dbd2ae226abd812eb03622206fd2a6a9e65b5

    • SHA256

      e59d5416cdf018834466987ea854dc0bb1a11d5b0209a578abb4a1d988619b07

    • SHA512

      4cbe94a2acc1abcbbd02d5046ea08000389ad6f31fd42cd6220c78453b6bcc8f93837d90489092bc3daebadf34614903d892dec2f9e783e4519cbdfae1412f04

    • SSDEEP

      12288:lMYF4CXCwPH7Nl0NY5ORBmMMTX1Mz93j2lP:lfF44d/74Oaz9i

    Score
    10/10
    latentbotdiscoveryevasionpersistencetrojan

    • LatentBot

      Modular trojan written in Delphi which has been in-the-wild since 2013.

      trojanlatentbot

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks